From patchwork Sun Apr 15 16:51:01 2012
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [semi-urgent,v2] linux-user: Fix exit syscall with QOM CPU
Date: Sun, 15 Apr 2012 06:51:01 -0000
From: =?utf-8?q?Andreas_F=C3=A4rber?= <afaerber@suse.de>
X-Patchwork-Id: 152663
Message-Id: <1334508661-13492-1-git-send-email-afaerber@suse.de>
To: qemu-devel@nongnu.org
Cc: blauwirbel@gmail.com, Serge Schneider <serge@xecdesign.com>,
 Riku Voipio <riku.voipio@iki.fi>,
 Russell Keith Davis <russell@russelldavis.org>,
 =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>

For QOM'ified CPUs we cannot g_free() CPUArchState, we must
object_delete() the object it is embedded into.

Fixes LP#982321 (invalid free() while executing pacman with qemu-arm).

Reported-by: Serge Schneider <serge@xecdesign.com>
Reported-by: Russell Keith Davis <russell@russelldavis.org>
Signed-off-by: Andreas Färber <afaerber@suse.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Serge Schneider <serge@xecdesign.com>
Tested-by: Russell Keith Davis <russell@russelldavis.org>

---
Blue, can you please apply this fix before more targets get converted and
 run into regressions? Thanks! (ppc PULL coming up)
 
 linux-user/syscall.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 8a92162..7128618 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -5045,7 +5045,11 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1,
                         NULL, NULL, 0);
           }
           thread_env = NULL;
+#ifdef ENV_GET_CPU
+          object_delete(OBJECT(ENV_GET_CPU(cpu_env)));
+#else
           g_free(cpu_env);
+#endif
           g_free(ts);
           pthread_exit(NULL);
       }